Newbie: Easiest way to view ES Results

Dhiwakar_Kusuma · June 7, 2018, 9:33am

Whats' the easiest way to view the ES Query results - I have '000s of documents in my index? Kibana console is making me feel tired

Mark_Harwood · June 7, 2018, 11:12am

Kibana's "Discover" tab? You can pick which columns to view in a tabular form

Dhiwakar_Kusuma · June 8, 2018, 9:43am

But, does discover tab allow you to put your own custom query? I couldn't find options there. We have a custom query with custom scoring logic.

Mark_Harwood · June 8, 2018, 9:44am

Yes - you can paste raw JSON strings into the search bar.

Dhiwakar_Kusuma · June 8, 2018, 9:48am

I don't get it, when you say JSON are you referring to the output? I would be interested in posting my query like below and expect the results to be displayed in grid.

GET dummyindex/_search
{
"size": 1,
"query": {
"bool": {
"should": [
{
"match": {
"skillkeywords.skillset.skill": "Salesforce"
}
},
{
"match": {
"skillkeywords.skillset.skill": "AngularJS"
}
}
],
"minimum_should_match": "3<90%",
"boost": 1
}
}
}

PS: Didn't expect such a fast response ... it is almost like chatting!

Mark_Harwood · June 8, 2018, 9:50am

Hi, no I meant your query - that is JSON too. Specifically the bit after "query":

Dhiwakar_Kusuma · June 11, 2018, 8:26am

Got it, thanks!

gthang · June 12, 2018, 3:20pm

I am not sure if I can hijack this thread or not, please let me know if I have commited any faux-pas here, and I will start a new thread.

I have composed the following query in the dev tools, and when I try to copy the json portion after the search, I just get an error message. Any thoughts on how I should paste the query in the discover tool?

Thanks,
gthang

POST stats-m-mms-daily/_search
{
"query": {
"range": {
"@timestamp": {
"gt": "now-5s",
"lt": "now"
}
}
},
"size": 0,
"aggs": {
"cloud": {
"terms": {
"field": "groupName"
},
"aggs": {
"instance": {
"terms": {
"field": "instance",
"size": 1
},
"aggs": {
"totalMessagesReq": {
"sum": {
"field": "CustomStats_totalMessagesReq"
}
}
}
}
}
}
}
}

Dhiwakar_Kusuma · June 18, 2018, 5:49am

Here is a simple example that will guide you -

If the query is
GET myindex/_search?search_type=dfs_query_then_fetch
{
"size": 5,
"query": {
"query_string": {
"query": "something something blah blah"
}
}
}

Then, here is what you should be putting in the discover tab - Basically the whole text after the query keyword.

{ "query_string": { "query": "something something blah blah" }}

Hope this helps.

gthang · June 19, 2018, 4:03pm

Thank you very much!

system · July 17, 2018, 4:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.